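A patching (爆破) method for the Flash Player Pro software
I originally wanted to work out the Flash Player Pro algorithm and show it to everyone to learn from, but this algorithm has 4 algorithm CALLs and is hard to analyze.
So I am giving the patching method instead, because when I fill in the registration information and click the register button, the software shows no related message.
Checking for a packer with PEiD shows it is unpacked and written in Borland Delphi. Anyone with cracking knowledge knows the method of finding the button event to locate the register button's information! Load the software into DeDe
and find the register button's information: 004EC1E0 .55 PUSH EBP. Then load it into OD! Press Ctrl+G, enter 004EC1E0, confirm, and you arrive at
the code below.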
\*********************************************************************************\
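004EC1E0 .55 PUSH EBP ;set a breakpoint here. Reading this code, you can see that 004EC3AD has a
004EC1E1 .8BEC MOV EBP,ESP ;MessageBoxA, and a little further down there are ASCII "Username" and
004EC1E3 .B9 0E000000 MOV ECX,0E ;ASCII "code", which makes one wonder whether this
004EC1E8 >6A 00 PUSH 0 ;MessageBoxA is the registration success message!
004EC1EA .6A 00 PUSH 0 ;why think so? Because pressing the register button shows no other message!
004EC1EC .49 DEC ECX ;press F8 to step down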
004EC1ED .^ 75 F9 JNZ SHORT Flash_Pl.004EC1E8
004EC1EF .53 PUSH EBX
004EC1F0 .56 PUSH ESI
004EC1F1 .57 PUSH EDI
004EC1F2 .8945 FC MOV DWORD PTR SS:,EAX
004EC1F5 .33C0 XOR EAX,EAX
004EC1F7 .55 PUSH EBP
004EC1F8 .68 9DC64E00 PUSH Flash_Pl.004EC69D
004EC1FD .64:FF30 PUSH DWORD PTR FS:
004EC200 .64:8920 MOV DWORD PTR FS:,ESP
004EC203 .8D45 EC LEA EAX,DWORD PTR SS:
004EC206 .E8 8181F1FF CALL Flash_Pl.0040438C
004EC20B .8D45 E8 LEA EAX,DWORD PTR SS:
004EC20E .E8 7981F1FF CALL Flash_Pl.0040438C
004EC213 .B2 01 MOV DL,1
004EC215 .A1 F8AE4300 MOV EAX,DWORD PTR DS:
004EC21A .E8 D9EDF4FF CALL Flash_Pl.0043AFF8
004EC21F .8945 D8 MOV DWORD PTR SS:,EAX
004EC222 .BA 01000080 MOV EDX,80000001
004EC227 .8B45 D8 MOV EAX,DWORD PTR SS:
004EC22A .E8 69EEF4FF CALL Flash_Pl.0043B098
004EC22F .B1 01 MOV CL,1
004EC231 .BA B4C64E00 MOV EDX,Flash_Pl.004EC6B4 ;ASCII "\\Software\\Flash Player Pro"
004EC236 .8B45 D8 MOV EAX,DWORD PTR SS:
004EC239 .E8 C2EEF4FF CALL Flash_Pl.0043B100
004EC23E .8D55 D4 LEA EDX,DWORD PTR SS:
004EC241 .8B45 FC MOV EAX,DWORD PTR SS:
004EC244 .8B80 10030000 MOV EAX,DWORD PTR DS:
004EC24A .E8 1182F7FF CALL Flash_Pl.00464460 ;get the username
004EC24F .837D D4 00 CMP DWORD PTR SS:,0
004EC253 .0F84 0F040000 JE Flash_Pl.004EC668
004EC259 .8D55 D0 LEA EDX,DWORD PTR SS:
004EC25C .8B45 FC MOV EAX,DWORD PTR SS:
004EC25F .8B80 14030000 MOV EAX,DWORD PTR DS:
004EC265 .E8 F681F7FF CALL Flash_Pl.00464460 ;get the fake code
004EC26A .837D D0 00 CMP DWORD PTR SS:,0
004EC26E .0F84 F4030000 JE Flash_Pl.004EC668
004EC274 .33D2 XOR EDX,EDX
004EC276 .55 PUSH EBP
004EC277 .68 61C64E00 PUSH Flash_Pl.004EC661
004EC27C .64:FF32 PUSH DWORD PTR FS:
004EC27F .64:8922 MOV DWORD PTR FS:,ESP
004EC282 .8D55 F8 LEA EDX,DWORD PTR SS:
004EC285 .8B45 FC MOV EAX,DWORD PTR SS:
004EC288 .8B80 10030000 MOV EAX,DWORD PTR DS:
004EC28E .E8 CD81F7FF CALL Flash_Pl.00464460
004EC293 .8D55 F4 LEA EDX,DWORD PTR SS:
004EC296 .8B45 FC MOV EAX,DWORD PTR SS:
004EC299 .8B80 14030000 MOV EAX,DWORD PTR DS:
004EC29F .E8 BC81F7FF CALL Flash_Pl.00464460
004EC2A4 .8D55 CC LEA EDX,DWORD PTR SS:
004EC2A7 .8B45 F4 MOV EAX,DWORD PTR SS:
004EC2AA .E8 3DFCFFFF CALL Flash_Pl.004EBEEC ;algorithm CALL: it mainly uses the fake code and fixed strings to
004EC2AF .8B45 CC MOV EAX,DWORD PTR SS: ;compute a string, which is then compared with the string below
004EC2B2 .BA D8C64E00 MOV EDX,Flash_Pl.004EC6D8 ;ASCII "60C3C872BF6B924C4B8D841E7B9F8407"
004EC2B7 .E8 DC84F1FF CALL Flash_Pl.00404798 //key CALL
004EC2BC 0F85 32010000 JNZ Flash_Pl.004EC3F4 //key jump; just NOP this jump and that is enough
004EC2C2 .8D45 E4 LEA EAX,DWORD PTR SS:
004EC2C5 .BA 04C74E00 MOV EDX,Flash_Pl.004EC704 ;ASCII "084104097110107115032102111114032121111117114032114101103105115116114097116105111110033"
004EC2CA .E8 5581F1FF CALL Flash_Pl.00404424
004EC2CF .8D45 E0 LEA EAX,DWORD PTR SS:
004EC2D2 .BA 64C74E00 MOV EDX,Flash_Pl.004EC764 ;ASCII "114101103105115116101114032115117099099101115115102117108108121"
004EC2D7 .E8 4881F1FF CALL Flash_Pl.00404424
004EC2DC .8B45 E4 MOV EAX,DWORD PTR SS:
004EC2DF .E8 6883F1FF CALL Flash_Pl.0040464C
004EC2E4 .B9 03000000 MOV ECX,3
004EC2E9 .99 CDQ
004EC2EA .F7F9 IDIV ECX
004EC2EC .8BF0 MOV ESI,EAX
004EC2EE .85F6 TEST ESI,ESI
004EC2F0 7E 43 JLE SHORT Flash_Pl.004EC335
004EC2F2 .BF 01000000 MOV EDI,1
004EC2F7 >8D45 C8 LEA EAX,DWORD PTR SS:
004EC2FA .50 PUSH EAX
004EC2FB .8BC7 MOV EAX,EDI
004EC2FD .48 DEC EAX
004EC2FE .8D1440 LEA EDX,DWORD PTR DS:
004EC301 .42 INC EDX
004EC302 .B9 03000000 MOV ECX,3
004EC307 .8B45 E4 MOV EAX,DWORD PTR SS:
004EC30A .E8 9D85F1FF CALL Flash_Pl.004048AC
004EC30F .8B45 C8 MOV EAX,DWORD PTR SS:
004EC312 .8D55 DC LEA EDX,DWORD PTR SS:
004EC315 .E8 0E6CF1FF CALL Flash_Pl.00402F28
004EC31A .8BD8 MOV EBX,EAX
004EC31C .8D45 C4 LEA EAX,DWORD PTR SS:
004EC31F .8BD3 MOV EDX,EBX
004EC321 .E8 4E82F1FF CALL Flash_Pl.00404574
004EC326 .8B55 C4 MOV EDX,DWORD PTR SS:
004EC329 .8D45 EC LEA EAX,DWORD PTR SS:
004EC32C .E8 2383F1FF CALL Flash_Pl.00404654
004EC331 .47 INC EDI
004EC332 .4E DEC ESI
004EC333 .^ 75 C2 JNZ SHORT Flash_Pl.004EC2F7
004EC335 >8B45 E0 MOV EAX,DWORD PTR SS:
004EC338 .E8 0F83F1FF CALL Flash_Pl.0040464C
004EC33D .B9 03000000 MOV ECX,3
004EC342 .99 CDQ
004EC343 .F7F9 IDIV ECX
004EC345 .8BF0 MOV ESI,EAX
004EC347 .85F6 TEST ESI,ESI
004EC349 7E 43 JLE SHORT Flash_Pl.004EC38E
004EC34B .BF 01000000 MOV EDI,1
004EC350 >8D45 C0 LEA EAX,DWORD PTR SS:
004EC353 .50 PUSH EAX
004EC354 .8BC7 MOV EAX,EDI
004EC356 .48 DEC EAX
004EC357 .8D1440 LEA EDX,DWORD PTR DS:
004EC35A .42 INC EDX
004EC35B .B9 03000000 MOV ECX,3
004EC360 .8B45 E0 MOV EAX,DWORD PTR SS:
004EC363 .E8 4485F1FF CALL Flash_Pl.004048AC
004EC368 .8B45 C0 MOV EAX,DWORD PTR SS:
004EC36B .8D55 DC LEA EDX,DWORD PTR SS:
004EC36E .E8 B56BF1FF CALL Flash_Pl.00402F28
004EC373 .8BD8 MOV EBX,EAX
004EC375 .8D45 BC LEA EAX,DWORD PTR SS:
004EC378 .8BD3 MOV EDX,EBX
004EC37A .E8 F581F1FF CALL Flash_Pl.00404574
004EC37F .8B55 BC MOV EDX,DWORD PTR SS:
004EC382 .8D45 E8 LEA EAX,DWORD PTR SS:
004EC385 .E8 CA82F1FF CALL Flash_Pl.00404654
004EC38A .47 INC EDI
004EC38B .4E DEC ESI
004EC38C .^ 75 C2 JNZ SHORT Flash_Pl.004EC350
004EC38E >6A 40 PUSH 40
004EC390 .8B45 E8 MOV EAX,DWORD PTR SS:
004EC393 .E8 B484F1FF CALL Flash_Pl.0040484C
004EC398 .50 PUSH EAX
004EC399 .8B45 EC MOV EAX,DWORD PTR SS:
004EC39C .E8 AB84F1FF CALL Flash_Pl.0040484C
004EC3A1 .50 PUSH EAX
004EC3A2 .A1 8C8E5100 MOV EAX,DWORD PTR DS:
004EC3A7 .E8 34E9F7FF CALL Flash_Pl.0046ACE0
004EC3AC .50 PUSH EAX ; |hOwner
004EC3AD .E8 1AAFF1FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
004EC3B2 .8B4D F8 MOV ECX,DWORD PTR SS:
004EC3B5 .BA ACC74E00 MOV EDX,Flash_Pl.004EC7AC ;ASCII "Username"
004EC3BA .8B45 D8 MOV EAX,DWORD PTR SS:
004EC3BD .E8 BAF0F4FF CALL Flash_Pl.0043B47C
004EC3C2 .8B4D F4 MOV ECX,DWORD PTR SS:
004EC3C5 .BA C0C74E00 MOV EDX,Flash_Pl.004EC7C0 ;ASCII "code";
004EC3CA .8B45 D8 MOV EAX,DWORD PTR SS:
004EC3CD .E8 AAF0F4FF CALL Flash_Pl.0043B47C
004EC3D2 .8B45 D8 MOV EAX,DWORD PTR SS:
004EC3D5 .E8 8EECF4FF CALL Flash_Pl.0043B068
004EC3DA .8B45 D8 MOV EAX,DWORD PTR SS:
004EC3DD .E8 7671F1FF CALL Flash_Pl.00403558
004EC3E2 .8B45 FC MOV EAX,DWORD PTR SS:
004EC3E5 .E8 3E48F9FF CALL Flash_Pl.00480C28
004EC3EA .E8 E179F1FF CALL Flash_Pl.00403DD0
004EC3EF .E9 74020000 JMP Flash_Pl.004EC668
004EC3F4 >8D45 F0 LEA EAX,DWORD PTR SS:
004EC3F7 .50 PUSH EAX
004EC3F8 .B9 07000000 MOV ECX,7
004EC3FD .BA 01000000 MOV EDX,1
004EC402 .8B45 F4 MOV EAX,DWORD PTR SS:
004EC405 .E8 A284F1FF CALL Flash_Pl.004048AC
004EC40A .8D55 B8 LEA EDX,DWORD PTR SS:
004EC40D .8B45 F0 MOV EAX,DWORD PTR SS:
004EC410 .E8 D7FAFFFF CALL Flash_Pl.004EBEEC
004EC415 .8B45 B8 MOV EAX,DWORD PTR SS:
004EC418 .BA D0C74E00 MOV EDX,Flash_Pl.004EC7D0 ;ASCII "22698600A285BDEF56EA4A344B0712F7"
004EC41D .E8 7683F1FF CALL Flash_Pl.00404798
004EC422 .74 0A JE SHORT Flash_Pl.004EC42E
004EC424 .E8 A779F1FF CALL Flash_Pl.00403DD0
004EC429 .E9 3A020000 JMP Flash_Pl.004EC668
004EC42E >8D55 F0 LEA EDX,DWORD PTR SS:
004EC431 .8B45 F8 MOV EAX,DWORD PTR SS:
004EC434 .E8 B3FAFFFF CALL Flash_Pl.004EBEEC
004EC439 .8D45 B4 LEA EAX,DWORD PTR SS:
004EC43C .50 PUSH EAX
004EC43D .B9 02000000 MOV ECX,2
004EC442 .BA 08000000 MOV EDX,8
004EC447 .8B45 F4 MOV EAX,DWORD PTR SS:
004EC44A .E8 5D84F1FF CALL Flash_Pl.004048AC
004EC44F .8B45 B4 MOV EAX,DWORD PTR SS:
004EC452 .50 PUSH EAX
004EC453 .8D45 B0 LEA EAX,DWORD PTR SS:
004EC456 .50 PUSH EAX
004EC457 .B9 02000000 MOV ECX,2
004EC45C .BA 0D000000 MOV EDX,0D
004EC461 .8B45 F0 MOV EAX,DWORD PTR SS:
004EC464 .E8 4384F1FF CALL Flash_Pl.004048AC
004EC469 .8B55 B0 MOV EDX,DWORD PTR SS:
004EC46C .58 POP EAX
004EC46D .E8 2683F1FF CALL Flash_Pl.00404798
004EC472 .74 0A JE SHORT Flash_Pl.004EC47E
004EC474 .E8 5779F1FF CALL Flash_Pl.00403DD0
004EC479 .E9 EA010000 JMP Flash_Pl.004EC668
004EC47E >8D45 A8 LEA EAX,DWORD PTR SS:
004EC481 .50 PUSH EAX
004EC482 .B9 0B000000 MOV ECX,0B
004EC487 .BA 11000000 MOV EDX,11
004EC48C .8B45 F0 MOV EAX,DWORD PTR SS:
004EC48F .E8 1884F1FF CALL Flash_Pl.004048AC
004EC494 .8B45 A8 MOV EAX,DWORD PTR SS:
004EC497 .8D55 AC LEA EDX,DWORD PTR SS:
004EC49A .E8 4DFAFFFF CALL Flash_Pl.004EBEEC
004EC49F .8B55 AC MOV EDX,DWORD PTR SS:
004EC4A2 .8D45 F0 LEA EAX,DWORD PTR SS:
004EC4A5 .E8 7A7FF1FF CALL Flash_Pl.00404424
004EC4AA .8D45 A4 LEA EAX,DWORD PTR SS:
004EC4AD .50 PUSH EAX
004EC4AE .B9 03000000 MOV ECX,3
004EC4B3 .BA 0A000000 MOV EDX,0A
004EC4B8 .8B45 F4 MOV EAX,DWORD PTR SS:
004EC4BB .E8 EC83F1FF CALL Flash_Pl.004048AC
004EC4C0 .8B45 A4 MOV EAX,DWORD PTR SS:
004EC4C3 .50 PUSH EAX
004EC4C4 .8D45 A0 LEA EAX,DWORD PTR SS:
004EC4C7 .50 PUSH EAX
004EC4C8 .B9 03000000 MOV ECX,3
004EC4CD .BA 14000000 MOV EDX,14
004EC4D2 .8B45 F0 MOV EAX,DWORD PTR SS:
004EC4D5 .E8 D283F1FF CALL Flash_Pl.004048AC
004EC4DA .8B55 A0 MOV EDX,DWORD PTR SS:
004EC4DD .58 POP EAX
004EC4DE .E8 B582F1FF CALL Flash_Pl.00404798
004EC4E3 .74 0A JE SHORT Flash_Pl.004EC4EF
004EC4E5 .E8 E678F1FF CALL Flash_Pl.00403DD0
004EC4EA .E9 79010000 JMP Flash_Pl.004EC668
004EC4EF >8D45 E4 LEA EAX,DWORD PTR SS:
004EC4F2 .BA 04C74E00 MOV EDX,Flash_Pl.004EC704 ;ASCII "084104097110107115032102111114032121111117114032114101103105115116114097116105111110033"
004EC4F7 .E8 287FF1FF CALL Flash_Pl.00404424
004EC4FC .8D45 E0 LEA EAX,DWORD PTR SS:
004EC4FF .BA 64C74E00 MOV EDX,Flash_Pl.004EC764 ;ASCII "114101103105115116101114032115117099099101115115102117108108121"
004EC504 .E8 1B7FF1FF CALL Flash_Pl.00404424
004EC509 .8B45 E4 MOV EAX,DWORD PTR SS:
004EC50C .E8 3B81F1FF CALL Flash_Pl.0040464C
004EC511 .B9 03000000 MOV ECX,3
004EC516 .99 CDQ
004EC517 .F7F9 IDIV ECX
004EC519 .8BF0 MOV ESI,EAX
004EC51B .85F6 TEST ESI,ESI
004EC51D .7E 43 JLE SHORT Flash_Pl.004EC562
004EC51F .BF 01000000 MOV EDI,1
004EC524 >8D45 9C LEA EAX,DWORD PTR SS:
004EC527 .50 PUSH EAX
004EC528 .8BC7 MOV EAX,EDI
004EC52A .48 DEC EAX
004EC52B .8D1440 LEA EDX,DWORD PTR DS:
004EC52E .42 INC EDX
004EC52F .B9 03000000 MOV ECX,3
004EC534 .8B45 E4 MOV EAX,DWORD PTR SS:
004EC537 .E8 7083F1FF CALL Flash_Pl.004048AC
004EC53C .8B45 9C MOV EAX,DWORD PTR SS:
004EC53F .8D55 DC LEA EDX,DWORD PTR SS:
004EC542 .E8 E169F1FF CALL Flash_Pl.00402F28
004EC547 .8BD8 MOV EBX,EAX
004EC549 .8D45 98 LEA EAX,DWORD PTR SS:
004EC54C .8BD3 MOV EDX,EBX
004EC54E .E8 2180F1FF CALL Flash_Pl.00404574
004EC553 .8B55 98 MOV EDX,DWORD PTR SS:
004EC556 .8D45 EC LEA EAX,DWORD PTR SS:
004EC559 .E8 F680F1FF CALL Flash_Pl.00404654
004EC55E .47 INC EDI
004EC55F .4E DEC ESI
004EC560 .^ 75 C2 JNZ SHORT Flash_Pl.004EC524
004EC562 >8B45 E0 MOV EAX,DWORD PTR SS:
004EC565 .E8 E280F1FF CALL Flash_Pl.0040464C
004EC56A .B9 03000000 MOV ECX,3
004EC56F .99 CDQ
004EC570 .F7F9 IDIV ECX
004EC572 .8BF0 MOV ESI,EAX
004EC574 .85F6 TEST ESI,ESI
004EC576 .7E 43 JLE SHORT Flash_Pl.004EC5BB
004EC578 .BF 01000000 MOV EDI,1
004EC57D >8D45 94 LEA EAX,DWORD PTR SS:
004EC580 .50 PUSH EAX
004EC581 .8BC7 MOV EAX,EDI
004EC583 .48 DEC EAX
004EC584 .8D1440 LEA EDX,DWORD PTR DS:
004EC587 .42 INC EDX
004EC588 .B9 03000000 MOV ECX,3
004EC58D .8B45 E0 MOV EAX,DWORD PTR SS:
004EC590 .E8 1783F1FF CALL Flash_Pl.004048AC
004EC595 .8B45 94 MOV EAX,DWORD PTR SS:
004EC598 .8D55 DC LEA EDX,DWORD PTR SS:
004EC59B .E8 8869F1FF CALL Flash_Pl.00402F28
004EC5A0 .8BD8 MOV EBX,EAX
004EC5A2 .8D45 90 LEA EAX,DWORD PTR SS:
004EC5A5 .8BD3 MOV EDX,EBX
004EC5A7 .E8 C87FF1FF CALL Flash_Pl.00404574
004EC5AC .8B55 90 MOV EDX,DWORD PTR SS:
004EC5AF .8D45 E8 LEA EAX,DWORD PTR SS:
004EC5B2 .E8 9D80F1FF CALL Flash_Pl.00404654
004EC5B7 .47 INC EDI
004EC5B8 .4E DEC ESI
004EC5B9 .^ 75 C2 JNZ SHORT Flash_Pl.004EC57D
004EC5BB >33C0 XOR EAX,EAX
004EC5BD .55 PUSH EBP
004EC5BE .68 17C64E00 PUSH Flash_Pl.004EC617
004EC5C3 .64:FF30 PUSH DWORD PTR FS:
004EC5C6 .64:8920 MOV DWORD PTR FS:,ESP
004EC5C9 .8B4D F8 MOV ECX,DWORD PTR SS:
004EC5CC .BA ACC74E00 MOV EDX,Flash_Pl.004EC7AC ;ASCII "Username"
004EC5D1 .8B45 D8 MOV EAX,DWORD PTR SS:
004EC5D4 .E8 A3EEF4FF CALL Flash_Pl.0043B47C
004EC5D9 .8B4D F4 MOV ECX,DWORD PTR SS:
004EC5DC .BA C0C74E00 MOV EDX,Flash_Pl.004EC7C0 ;ASCII "code"
004EC5E1 .8B45 D8 MOV EAX,DWORD PTR SS:
004EC5E4 .E8 93EEF4FF CALL Flash_Pl.0043B47C
004EC5E9 .6A 40 PUSH 40
004EC5EB .8B45 E8 MOV EAX,DWORD PTR SS:
004EC5EE .E8 5982F1FF CALL Flash_Pl.0040484C
004EC5F3 .50 PUSH EAX
004EC5F4 .8B45 EC MOV EAX,DWORD PTR SS:
004EC5F7 .E8 5082F1FF CALL Flash_Pl.0040484C
004EC5FC .50 PUSH EAX
004EC5FD .A1 8C8E5100 MOV EAX,DWORD PTR DS:
004EC602 .E8 D9E6F7FF CALL Flash_Pl.0046ACE0
004EC607 .50 PUSH EAX ; |hOwner
004EC608 .E8 BFACF1FF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
004EC60D .33C0 XOR EAX,EAX
004EC60F .5A POP EDX
004EC610 .59 POP ECX
004EC611 .59 POP ECX
004EC612 .64:8910 MOV DWORD PTR FS:,EDX
004EC615 .EB 34 JMP SHORT Flash_Pl.004EC64B
004EC617 .^ E9 1C74F1FF JMP Flash_Pl.00403A38
004EC61C .8D45 F0 LEA EAX,DWORD PTR SS:
004EC61F .BA FCC74E00 MOV EDX,Flash_Pl.004EC7FC ;ASCII "Flash Player Pro Can not save registraton information. Please try it again."
004EC624 .E8 FB7DF1FF CALL Flash_Pl.00404424
004EC629 .6A 10 PUSH 10
004EC62B .8B45 F0 MOV EAX,DWORD PTR SS:
004EC62E .E8 1982F1FF CALL Flash_Pl.0040484C
004EC633 .8BD0 MOV EDX,EAX
004EC635 .B9 48C84E00 MOV ECX,Flash_Pl.004EC848 ;ASCII "Error"
004EC63A .A1 D0795100 MOV EAX,DWORD PTR DS:
004EC63F .8B00 MOV EAX,DWORD PTR DS:
004EC641 .E8 567FF9FF CALL Flash_Pl.0048459C
004EC646 .E8 5577F1FF CALL Flash_Pl.00403DA0
004EC64B >8B45 FC MOV EAX,DWORD PTR SS:
004EC64E .E8 D545F9FF CALL Flash_Pl.00480C28
004EC653 .33C0 XOR EAX,EAX
004EC655 .5A POP EDX
004EC656 .59 POP ECX
004EC657 .59 POP ECX
004EC658 .64:8910 MOV DWORD PTR FS:,EDX
004EC65B .68 68C64E00 PUSH Flash_Pl.004EC668
004EC660 >C3 RETN ;RET used as a jump to 004EC668
004EC661 .^ E9 8676F1FF JMP Flash_Pl.00403CEC
004EC666 .^ EB F8 JMP SHORT Flash_Pl.004EC660
004EC668 >33C0 XOR EAX,EAX
004EC66A .5A POP EDX
004EC66B .59 POP ECX
004EC66C .59 POP ECX
004EC66D .64:8910 MOV DWORD PTR FS:,EDX
004EC670 .68 A4C64E00 PUSH Flash_Pl.004EC6A4
004EC675 >8D45 90 LEA EAX,DWORD PTR SS:
004EC678 .BA 10000000 MOV EDX,10
004EC67D .E8 2E7DF1FF CALL Flash_Pl.004043B0
004EC682 .8D45 D0 LEA EAX,DWORD PTR SS:
004EC685 .BA 02000000 MOV EDX,2
004EC68A .E8 217DF1FF CALL Flash_Pl.004043B0
004EC68F .8D45 E0 LEA EAX,DWORD PTR SS:
004EC692 .BA 07000000 MOV EDX,7
004EC697 .E8 147DF1FF CALL Flash_Pl.004043B0
004EC69C .C3 RETN
004EC69D .^ E9 4A76F1FF JMP Flash_Pl.00403CEC
004EC6A2 .^ EB D1 JMP SHORT Flash_Pl.004EC675
004EC6A4 .5F POP EDI
004EC6A5 .5E POP ESI
004EC6A6 .5B POP EBX
004EC6A7 .8BE5 MOV ESP,EBP
004EC6A9 .5D POP EBP
004EC6AA .C3 RETN
\********************************************************************************************\
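Now let me say a bit about this software's algorithm.
1. In the software there is a CALL that places strings into DS:[EBX], DS:[EBX+4], DS:[EBX+8] and DS:[EBX+C] respectively.
2. Then the fake code and these 4 strings are passed as parameters into the 4 algorithm CALLs. The result of the computation is compared with 60C3C872BF6B924C4B8D841E7B9F8407. If they are the same, registration succeeds.

Take a look at this, brother:
https://www.chinapyg.com/viewthread.php?tid=49649&highlight=Flash%2BPlayer%2BPro

Learning from this. Thanks for sharing, bumping this up.

Cryptography really is my weak point; I often cannot tell whether something is decompression or decryption.

Learning from this...

Learning from this..

Learned something! Much appreciated~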
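
The two all-digit strings at 004EC704 and 004EC764 in the listing in the first post are plain text stored as 3-digit decimal character codes, which is why the dialog text does not show up as a readable string even though it is trivially recoverable. The following is an added example, not code from the thread: it decodes such strings and flags them in a list of extracted strings. The function names and the sample list are assumptions made for illustration.

```python
import re

# The two strings referenced at 004EC704 and 004EC764 in the listing above.
ENC_004EC704 = ("0841040971101071150321021111140321211111171140321141011031051"
                "15116114097116105111110033")
ENC_004EC764 = "114101103105115116101114032115117099099101115115102117108108121"


def decode_triplets(s):
    """Decode a string of 3-digit decimal character codes.

    Uses integer division by 3 for the group count, so trailing digits
    that do not fill a whole group are ignored. Returns None if a group
    is not numeric or is not a byte value.
    """
    out = []
    for i in range(len(s) // 3):
        group = s[i * 3:i * 3 + 3]
        if not group.isdigit():
            return None
        code = int(group)
        if code > 255:
            return None
        out.append(chr(code))
    return "".join(out)


def find_encoded_strings(candidates, min_groups=4):
    """Return {encoded: decoded} for all-digit strings that decode to printable ASCII."""
    hits = {}
    for s in candidates:
        if not re.fullmatch(r"\d{%d,}" % (min_groups * 3), s):
            continue
        text = decode_triplets(s)
        if text and all(32 <= ord(c) < 127 for c in text):
            hits[s] = text
    return hits


# Constructed sample: strings that appear in the listing, as a strings-style dump.
SAMPLE_STRINGS = [
    "\\Software\\Flash Player Pro", "Username", "code", "Error",
    "60C3C872BF6B924C4B8D841E7B9F8407", ENC_004EC704, ENC_004EC764,
]

if __name__ == "__main__":
    for enc, dec in find_encoded_strings(SAMPLE_STRINGS).items():
        print(f"{enc[:12]}... -> {dec!r}")
```
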